WO2021097550A1 - Method and system for a fast secure file transfer service - Google Patents

Method and system for a fast secure file transfer service

Info

Publication number
WO2021097550A1
Authority
WO
WIPO (PCT)
Prior art keywords
store
digital file
storage device
request
link
Application number
PCT/CA2019/051654
Other languages
English (en)
Inventor
Younes Hafri
Original Assignee
Effica Technologies Inc.
Application filed by Effica Technologies Inc.
Priority to PCT/CA2019/051654
Publication of WO2021097550A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04 Real-time or near real-time messaging, e.g. instant messaging [IM]
    • H04L51/046 Interoperability with other network applications or services

Definitions

  • the present disclosure relates to information technology systems employed over an electronic communication network. More specifically, the present disclosure relates to methods and systems for securely serving and transferring digital files at high speeds with minimal hardware requirements.
  • when transferring a digital file from a storage location (such as but not limited to a remotely located, cloud-based database) to a user device, the digital file(s) being transferred may be vulnerable to corruption, loss or unauthorized copying. Moreover, users typically desire rapid file transfer in order to keep up with the pace at which many electronic interactions are performed.
  • the present disclosure provides methods and systems for serving and transferring digital files in a secure, rapid, scalable and invulnerable manner.
  • the present disclosure provides a method for securely uploading a digital file to a storage device and transferring a digital file from the storage device to a user device, the method including the steps of uploading the digital file to the storage device by way of a first cryptographic connection in electronic socket-based communication, storing the digital file in the storage device by way of a store request, storing the digital file including the steps of authenticating the store request, authorizing the store request, validating the parameters of the store request, defining a store link associated with the store request, the store link selected from the group consisting of: a persistent store link and an infinite number of ephemeral links, receiving metadata associated with the digital file, the metadata included in the store request, caching the metadata associated with the digital file, allocating storage space on the storage device, precomputing store response headers for a store response, storing the digital file in the storage device prefixed by the store response headers, the store response having a universally unique identifier having an entity tag and a secure hash digest of the
  • the present disclosure provides a method for securely uploading a digital file to a storage device, including the steps of uploading the digital file to the storage device by way of a first cryptographic connection in electronic communication with a first TCP/IP network socket, storing the digital file in the storage device by way of a store request, storing the digital file including the steps of authenticating the store request, authorizing the store request, validating the parameters of the store request, defining a store link associated with the store request, the store link selected from the group consisting of: a persistent link and an infinite (i.e.: only limited by physical resources) number of ephemeral links associated to the persistent link, receiving metadata associated with the digital file, the metadata included in the store request, storing the metadata in a cache in electronic communication with the storage device, allocating storage space on the storage device, precomputing store response headers for a store response, storing the digital file in the storage device, providing the store response with the store response headers, the store response having a universally unique identifier
  • the present disclosure provides a method for securely transferring a digital file from the storage device to a user device, the method including the steps of loading the digital file for subsequent download, loading the digital file including the steps of receiving a load request, validating the parameters of the load request, and defining a load link associated with the load request, the load link selected from the group consisting of: a persistent link and an infinite (i.e.: only limited by physical resources) number of ephemeral links associated to the persistent link, obtaining the metadata associated with the digital file from the cache by way of a secure and authenticated connection in electronic socket-based communication between the user device and the storage device, the authenticated connection providing direct memory access between the storage device and the user device, downloading the digital file from the storage device to the user device by way of an authenticated connection.
  • the present disclosure provides a system for securely uploading and transferring a digital file
  • the system having a storage device having a processor, storage means and a communications subsystem adapted to electrically connect the storage device to an electronic communication network, a user device having a processor, user input means, local storage means, and a communication subsystem adapted to electrically connect the storage device to the electronic communication network, such that the storage device receives the digital file by way of a first cryptographic connection in electronic communication with a first network socket, the storage device stores the digital file in the storage means in response to a store request, storing the digital file including the steps of authenticating the store request, authorizing the store request, validating the parameters of the store request, defining a store link associated with the store request, the store link selected from the group consisting of: a persistent store link and an infinite (only limited by physical resources) number of ephemeral links associated to the persistent link, receiving metadata associated with the digital file, the metadata included in the store request, storing the metadata in a cache with the
  • FIGURE 1 is an illustration of a suitable system for use in accordance with at least one embodiment of the present disclosure
  • FIGURE 2 is an illustration of a suitable user device for use in accordance with at least one embodiment of the present disclosure
  • FIGURE 3 is a diagram of a method for securely loading data to a storage device in accordance with at least one embodiment of the present disclosure
  • FIGURE 4 is a diagram of a method for storing data based on a store request in accordance with at least one embodiment of the present disclosure
  • FIGURE 5 is a diagram of a method for securely downloading data to a user device in accordance with at least one embodiment of the present disclosure
  • FIGURE 6 is a diagram of a method for loading data for download based on a load request in accordance with at least one embodiment of the present disclosure.
  • FIGURE 7 is a diagram of a method for securely loading data to a storage device and downloading the data to a user device in accordance with at least one embodiment of the present disclosure.
  • the present disclosure provides methods and systems for serving and transferring digital files in a secure, rapid, scalable and invulnerable manner.
  • a suitable “user device” and “uploading device” includes any suitable computing device such as but not limited to a mobile device, smart phone, a tablet, laptop, desktop terminal, server terminal, and application service.
  • a suitable user device will have suitable local memory, input means and display means and will have an electronic communication module that enables electronic communication with other devices, either hard wired or wirelessly, over a suitable electronic communication network.
  • a suitable “storage device” includes any suitable data storage device such as but not limited to a remotely located server device and a user device as discussed herein.
  • a suitable storage device will have suitable volatile and non-volatile memory (such as but not limited to SSD/HDD disk, Network Attached Storage (NAS) memory and RAMDISK memory), read/write means and will have an electronic communication module that enables electronic communication with other devices, either hard wired or wirelessly, over a suitable electronic communication network.
  • a suitable “electronic communication network” includes any local area network (LAN) or wide area network (WAN) that enables electronic communication between suitably connected devices as required by the end-user application.
  • a suitable user device will be in electronic communication with a suitable storage device as discussed herein.
  • the user device has local data storage means and in other embodiments the user device additionally or alternatively will be in electronic communication with a remotely located storage device over an electronic communication network.
  • suitable data storage may be provided that can be located remotely (i.e. in the cloud and electronically accessed via typical wired or wireless communication protocols) or in a locally oriented server stored onsite (or in other words, on premises data storage) or in local storage on the user device and electronically accessed by way of standard wired or wireless communication protocols, as required by the end user application of the present disclosure.
  • a suitable user device can be adapted and configured to run a suitable Application Programming Interface (API) that is suitable for sending and receiving encrypted electronic communications and managing, editing, storing, and accessing digital files in accordance with the present disclosure.
  • embodiments of the present disclosure can be accessed by a suitable user device through a web browser having access to a suitable electronic communication network, such as the Internet or a local area network.
  • a suitable “digital file” can include any digital data in any format as required by the end user application of the present invention.
  • a user device 2 and a storage device 4 are in electronic communication by way of an electronic communication network 6.
  • user device 2 has visual display means and user interface means, as discussed herein.
  • storage device 6 is a remotely located server.
  • user device 2 and storage device 4 are in electronic communication with each other through an electronic communication network 6 that is a wireless communication network operated through remote servers, also known as a cloud-based network, although other arrangements such as hard-wired local networks are also contemplated as discussed herein.
  • user device 2 for use in connection with the present disclosure is illustrated.
  • user device 2 includes a processor 3, a communication subsystem 5 and local data storage 7, all of which are electronically connected by way of a bus 8.
  • Communication subsystem 5 enables wireless electronic communication with electronic communication network 6, although other wired embodiments are also contemplated.
  • With reference to Figures 3 and 7, at least one embodiment of a method of securely uploading a digital file to a storage device is depicted. In this embodiment, the method starts 10 and the digital file is subsequently uploaded 12 and stored 14 with the storage device.
  • the digital file is uploaded over a cryptographically secured connection between the uploading device and the storage device through a standard network socket (such as a TLS/SSL socket), although other arrangements are also contemplated.
  • the cryptographically secured connection is a Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protocol-enabled connection, as will be readily understood by the skilled person.
  • uploading the digital file 12 to the storage device further comprises the steps of encrypting the digital file using a key derivation function (such as but not limited to a scrypt function) and sending a password associated with the key derivation function from the uploading device to the storage device by way of a suitable electronic communication, including but not limited to a Short Message Service (SMS) message, an email, a facsimile or other suitably secure electronic communication as will be readily understood by the skilled person.
  • a store response is provided 16 to confirm that the digital file has been stored and to provide further information that can be used to retrieve the stored digital file, as will be discussed in further detail herein.
  • the digital file is stored 14 with the storage device by way of a store request.
  • the store request is a HTTP POST request, as will be readily understood by the skilled person.
  • the store request includes an HTTP header that provides readable parameters for the store request.
  • the store request is associated with a dedicated central processing unit (CPU) of the storage device by way of a consistent hashing protocol, in order to evenly distribute load on computing resources to the storage request.
  • the storage request can subsequently be authenticated 100 and authorized 102.
  • the parameters of the store request can be validated 104.
  • a store link between the uploading device and the storage device can be defined 106 in order to determine if the store link is a permanent store link or an ephemeral store link.
  • where the store link is an ephemeral store link, the ephemeral store link expires after a predetermined amount of time elapses or a predetermined number of clicks that can be defined by the sender.
  • an ephemeral store link can be associated with the permanent store link and moreover the number of ephemeral store links is only limited by the available computing resources of the storage device and the electronic communication network, as will be readily understood by the skilled person.
  • metadata related to the digital file is received 108 and subsequently stored in a cache 110 that is in electronic communication with the storage device.
  • storage space is allocated in the local storage of the storage device 111. In some embodiments it is contemplated that if the exact required storage space cannot be allocated on the storage device, the store request can be rejected.
  • store response headers are precomputed for a store response 112.
  • the store response headers are HTTP headers (such as an ETag HTTP Header) and the store response is an HTTP message. It will be readily understood that precomputing the HTTP response headers prior to the storage of the digital file with the storage device permits the present method and system to expedite the subsequent storage of the digital file with the storage device and the provision of the store response to the uploading device, as the subsequent response can be sent to the storage device in an expeditious manner immediately once the digital file is stored on the storage device.
  • the digital file can be stored 114 with the storage device and the store response can be provided to the uploading device 16, as also can be seen in Figure 3.
  • the store response includes the store response headers and moreover that the store response can have a universally unique identifier (UUID) that has an entity tag and a secure hash digest (such as a SHA256 digest) of the content of the digital file.
  • the digital file can be retrieved from the storage device and securely downloaded to a suitable user device.
  • a method of securely retrieving and downloading a digital file is depicted.
  • the method starts 20 and the digital file is subsequently loaded 22.
  • metadata relating to the digital file can be obtained 24 from the cache of the storage device and provided to the user device.
  • the metadata can be obtained 24 by the user device over an authenticated connection between the user device and the storage device by way of a standard network socket. It is further contemplated that the authenticated connection provides direct memory access between the storage device and the user device.
  • the digital file can be downloaded 26 to the user device over an authenticated connection between the user device and the storage device by way of a standard network socket. It is further contemplated that the authenticated connection provides direct memory access between the storage device and the user device. In some embodiments, the authenticated connection is a HTTPS connection.
  • the digital file is loaded 22 in response to a load request that is sent from the user device to the storage device.
  • the load request is a HTTP GET request, as will be readily understood by the skilled person.
  • the load request includes an HTTP header that provides readable parameters for the load request (such as ETag).
  • the load request is associated with a dedicated central processing unit (CPU) of the storage device by way of a consistent hashing protocol, in order to properly distribute the load over the computing resources to the load request.
  • the load request can optionally be authenticated 200 and authorized 202.
  • the parameters of the load request can be validated 204.
  • a load link between the uploading device and the storage device can be defined 206 in order to determine if the load link is a permanent load link or an ephemeral load link.
  • where the store link is an ephemeral store link, it is contemplated in some embodiments that the ephemeral store link expires after a predetermined amount of time elapses or a predetermined number of clicks that can be defined by the sender.
  • an ephemeral store link can be associated with the permanent store link and moreover the number of ephemeral store links is only limited by the available computing resources of the storage device and the electronic communication network, as will be readily understood by the skilled person.
  • the digital file can be loaded 208 and downloaded to the user device, as also can be seen in Figure 5.
  • the operating system kernel is bypassed as the central processing unit of the storage device is not used to perform the task of copying the digital file from the storage device to the user device, in a zero copy manner, as will be readily understood by the skilled person.
  • a digital file can be securely and quickly uploaded to a storage device from an uploading device and subsequently securely and quickly transferred from the storage device to a user device. It is contemplated that a digital file can be uploaded from an uploading device in response to a store request, stored with the storage device and a store response provided to the uploading device, and subsequently the digital file can be downloaded to a user device in response to a load request.
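The persistent and ephemeral links described above can be modelled as follows; this is an added example, not code from the patent or from Effica Technologies. The `LinkRegistry` class, its method names and the choice to store only a SHA-256 of each ephemeral token are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class Ephemeral:
    persistent_id: str            # the persistent link this one hangs off
    expires_at: Optional[float]   # absolute time; None means no time limit
    clicks_left: Optional[int]    # None means no click limit


def _digest(token: str) -> str:
    # Only the hash is kept server-side, so a leaked table holds no usable links.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class LinkRegistry:
    """Hypothetical in-memory registry (single-threaded; a real server would
    need an atomic decrement for the click counter)."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        self._persistent: Dict[str, str] = {}      # persistent id -> file id
        self._ephemeral: Dict[str, Ephemeral] = {}  # sha256(token) -> record

    def create_persistent(self, file_id: str) -> str:
        pid = secrets.token_urlsafe(32)
        self._persistent[pid] = file_id
        return pid

    def create_ephemeral(self, pid: str, ttl: Optional[float] = None,
                         max_clicks: Optional[int] = None) -> str:
        if pid not in self._persistent:
            raise KeyError("unknown persistent link")
        if ttl is None and max_clicks is None:
            raise ValueError("an ephemeral link needs a time or click limit")
        if (ttl is not None and ttl <= 0) or (max_clicks is not None and max_clicks < 1):
            raise ValueError("limits must be positive")
        token = secrets.token_urlsafe(32)
        expires = None if ttl is None else self._clock() + ttl
        self._ephemeral[_digest(token)] = Ephemeral(pid, expires, max_clicks)
        return token

    def resolve(self, token: str) -> Optional[str]:
        """Return the file id for one click on the link, or None if it is dead."""
        key = _digest(token)
        link = self._ephemeral.get(key)
        if link is None:
            return None
        file_id = self._persistent.get(link.persistent_id)
        expired = link.expires_at is not None and self._clock() >= link.expires_at
        if file_id is None or expired:
            del self._ephemeral[key]
            return None
        if link.clicks_left is not None:
            link.clicks_left -= 1
            if link.clicks_left == 0:
                del self._ephemeral[key]  # last permitted click just used
        return file_id

    def revoke_persistent(self, pid: str) -> None:
        # Dropping the persistent link kills every ephemeral link bound to it.
        self._persistent.pop(pid, None)
        for key in [k for k, v in self._ephemeral.items() if v.persistent_id == pid]:
            del self._ephemeral[key]
```
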
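The store steps above (validate the parameters, allocate space, precompute the response headers, store the file prefixed by them) and the ETag-carrying load request can be sketched as below; this is an added example, not the patent's implementation. It assumes the store request metadata declares the size and SHA-256 of the content, uses a hypothetical `X-File-Id` header for the UUID, and lets a dict stand in for the storage device.

```python
import hashlib
import re
import uuid

# RFC 7230 token characters on both sides of the slash: no spaces, CR or LF.
_MEDIA_TYPE = re.compile(r"[A-Za-z0-9!#$%&'*+.^_`|~-]+/[A-Za-z0-9!#$%&'*+.^_`|~-]+")
_SHA256_HEX = re.compile(r"[0-9a-f]{64}")


class StoreError(Exception):
    """The store request was rejected."""


class BlobStore:
    def __init__(self, capacity: int):
        self.free = capacity   # bytes still available on the "storage device"
        self.blobs = {}        # file id -> (etag, header bytes + body bytes)

    def precompute_headers(self, meta: dict):
        """Validate request metadata and build the response head before any
        body byte is written. The head is persisted with the file, so every
        value is checked here to keep CR/LF injection out of stored headers."""
        ctype, size, digest = meta.get("content_type"), meta.get("size"), meta.get("sha256")
        if not isinstance(ctype, str) or not _MEDIA_TYPE.fullmatch(ctype):
            raise StoreError("invalid content type")
        if not isinstance(size, int) or size < 0:
            raise StoreError("invalid size")
        if not isinstance(digest, str) or not _SHA256_HEX.fullmatch(digest):
            raise StoreError("invalid sha256")
        if size > self.free:
            raise StoreError("exact storage space cannot be allocated")
        file_id = str(uuid.uuid4())
        etag = '"%s"' % digest
        head = ("HTTP/1.1 200 OK\r\n"
                "Content-Type: %s\r\n"
                "Content-Length: %d\r\n"
                "ETag: %s\r\n"
                "X-File-Id: %s\r\n\r\n" % (ctype, size, etag, file_id))
        return file_id, etag, head.encode("ascii")

    def store(self, meta: dict, body: bytes):
        file_id, etag, head = self.precompute_headers(meta)
        # The precomputed ETag is a claim until the body is seen; verify it.
        if len(body) != meta["size"] or hashlib.sha256(body).hexdigest() != meta["sha256"]:
            raise StoreError("body does not match declared metadata")
        self.free -= len(body)
        self.blobs[file_id] = (etag, head + body)  # file stored prefixed by its headers
        return file_id, etag

    def load(self, file_id: str, if_none_match: str = None) -> bytes:
        entry = self.blobs.get(file_id)
        if entry is None:
            return b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"
        etag, blob = entry
        if if_none_match == etag:
            return ("HTTP/1.1 304 Not Modified\r\nETag: %s\r\n\r\n" % etag).encode("ascii")
        # One contiguous buffer, sent as stored: nothing is rebuilt per request.
        return blob
```

Because the response head is written once and replayed on every load, a value that passes validation at store time is served to every later downloader, which is why the checks sit in `precompute_headers` rather than in `load`.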

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present invention relates to methods and systems for securely uploading and transferring a digital file from a storage device to a user device, comprising the steps of uploading the digital file by way of a first cryptographic connection, allocating storage space on the storage device, storing the digital file by way of a store request, precomputing store response headers and providing a store response with the precomputed store response headers and having a universally unique identifier having an entity tag and a secure hash digest of the content of the digital file, loading the digital file for subsequent download, obtaining the metadata associated with the digital file from the cache by way of a second authenticated connection, the second authenticated connection providing direct memory access between the storage device and the user device, and downloading the digital file from the storage device to the user device by way of the second authenticated connection.
PCT/CA2019/051654 2019-11-20 2019-11-20 Method and system for a fast secure file transfer service WO2021097550A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CA2019/051654 WO2021097550A1 (fr) 2019-11-20 2019-11-20 Method and system for a fast secure file transfer service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CA2019/051654 WO2021097550A1 (fr) 2019-11-20 2019-11-20 Method and system for a fast secure file transfer service

Publications (1)

Publication Number Publication Date
WO2021097550A1 (fr) 2021-05-27

Family

ID=75980232

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2019/051654 WO2021097550A1 (fr) 2019-11-20 2019-11-20 Method and system for a fast secure file transfer service

Country Status (1)

Country Link
WO (1) WO2021097550A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140181021A1 (en) * 2012-12-21 2014-06-26 Zetta, Inc. Back up using locally distributed change detection
US20140181041A1 (en) * 2012-12-21 2014-06-26 Zetta, Inc. Distributed data store
WO2019103913A1 (fr) * 2017-11-22 2019-05-31 Arterys Inc. Systems and methods for longitudinal tracking of fully de-identified medical studies

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19953329

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19953329

Country of ref document: EP

Kind code of ref document: A1